Playstation 3 Code Signing Cracked For Good 534
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"
Epic Fail? Hardly. (Score:5, Informative)
From the blurb:
'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.
Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
Re:Epic Fail? Hardly. (Score:5, Informative)
Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.
Compared to DVD and Blu-Ray, that is actually pretty darn good.
I was at the presentation in Berlin today. They did bring up this exact point.
Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.
This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.
Re:Epic Fail? Hardly. (Score:5, Informative)
That's true. And Sony have been boasting of having the toughest DRM of all consoles.
However, it only took half a year [joystiq.com] from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.
Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four year of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.
It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.
Re:Wow... (Score:5, Informative)
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com] ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
Re:Wow... (Score:5, Informative)
They say at the end of their talk they do not have the LV1 OS keys, and they aren't going to work on them -- those are used to sign & verify games.
The Isolation-mode SPU AES key is used to verify loaders, and it was broken because the encrypted block is stored at a lower address than the decryption code -- and the size parameter is not verified. So the encrypted block can be overflowed to overwrite the current instruction and then the isolated SPU is under user control.
Re:Wow... (Score:3, Informative)
Actually, the bug wasn't in key generation, but in *signature* generation.
They were supposed to salt each signature with a different random salt (number "m"), but they didn't, they used a constant number every time.
That made the equations for computing the signatures, R and S, easily exploitable, making it possible to simply solve them and obtain the private key. Now, this isn't a computationally expensive operation, since the equations are rather simple, hence the EPIC fail: as soon as anyone realizes Sony didn't salt their signatures, they can almost immediately compute the private key used just by having two signatures using the same key (and salt).
Re:Sigh (Score:2, Informative)
There was basically no knowledge of the PS3 10 or so months ago. There was literally zilch besides a minor OtherOS 3D graphics hack until Sony released the PS3 Slim without Linux. No one cared, or at least no one who knew what they were doing cared, because they were happy with Linux. I've yet to meet someone who 1) was actively trying to hack the PS3 before they pulled OtherOS and 2) actually did something worth mentioning once this whole thing took off. The (few) people who were trying were (and still are) clueless, and the people who know started after the OtherOS mess. OtherOS was a great way to keep the hackers happy, and pulling it has been a great way to get everyone to target them.
Re:Sigh (Score:5, Informative)
I'm one of those guys, and the summary is so terrible it's not even funny. Please watch the recording of the talk before you form an opinion; the reporting on this one is pretty terrible. Especially the "overflowing the bootup NOR flash". I don't even know what that's supposed to mean.
The PS3 security system really is horrible. Most of it is effectively useless because it can be worked around or breaking it is not necessary, and the signature screwup is basically inexcusable. We aren't calling it "Epic Fail" for one or two holes, we're calling it "Epic Fail" because as a whole it's a complete clusterfuck and there are many fundamental design holes and more than enough evidence that the developers responsible for it were not qualified to design a security system or write its code (e.g. clearly they didn't employ a proper cryptographer). It's also a reference to our Wii talk (which was subtitled "Wii Fail") because we consider the PS3's security to be a hell of a lot worse, design-wise.
Re:Epic Fail? WTF? (Score:4, Informative)
Although the keys are kind of short (they likely will become breakable in a few decades or something like that), that has nothing to do with the screwup. They completely botched their signer so it creates correlated signatures that leak the key. The computation to get the private key takes milliseconds.
Re:precisely. (Score:3, Informative)
Assuming they don't botch signing with the new key, no, we don't. The code running on the PS3 is perfectly fine (the signature verification, that is; the rest of the security is a clusterfuck). So is the way the signature is implemented. The screwup is in Sony's signer code. If they fix that and only issue safe signatures from now on, we can't compute new keys.
But because we can downgrade and due to the oracle attack on the secure SPE, this will likely not gain them much.
Re:Sigh (Score:5, Informative)
Very interesting writer too, explains on his website much of the details of working around the various "fixes" Nintendo applied to try and close the holes in their code.
He is definitely not an asshole, and those of us who care about openness on these consoles (or just enjoy running homebrew on them) owe a lot to him and the teams he works with.
</deserved asskissing>
Re:Epic Fail? WTF? (Score:4, Informative)
why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system
Really? people haven't been trying to get to accelerated video in linux on the ps3? Or access to the GameOS FS just to tinker with it? Or piracy(Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii; also Dreamcast but, the DC's security was even bigger epic fail than Sony's).
So I think that's complete bollocks.
The PS3 only went down because the first few lines of defense were pretty good... But not much else. In game save exploits like the famous GTA:LCS PSP, the Mechassault Xbox or the Twilight Princess Wii attacks weren't possible because the PS3(and 360 IIRC), unlike a Wintel system, actually properly implement the NX bit(According to Mathieulh at least, it also explains why TIFF exploits weren't being examined as well). So, bye bye that attack vector. The PS3 didn't rely on making sure that the optical drive was secure, so bye bye with that exploit(this was popular on the 360 and Wii). The PS3 also didn't expose the CPU to debug pins like the Xbox(with Pogo pins) or the Xbox 360(thanks to it's handy dandy JTAG connector).
It wasn't until we saw the big weakness with the PSJailbreak did we see the other major flaws.
Yes, I've gone to bat for Sony for locking down the PS3, but I don't think that it's wrong to fight back.
Re:Sigh (Score:5, Informative)
A signer screwup that leaks their private key is not epic fail? This is probably the first time in embedded system security that someone has fucked up public key crypto this badly.
So does the PS3. JTAG doesn't mean anything if it's disabled, which it normally is, on both consoles (actually, we suspect it might be enabled on the PS3 but you probably can't do anything interesting with it). The Xbox 360 security design is a lot better than the PS3's. They had a few minor holes. The PS3 is completely messed up. The 360 has better revocation, better encryption, secure memory, a simpler and more effective security design, and a better implementation.
That came a lot later than modchips (which already enabled homebrew and piracy equally, since there's no PKI), and the slide was already overcrowded so it didn't make much sense.